Η British Library, the UK's national library and one of the largest libraries in the world, has confirmed that a ransomware attack led to the theft of internal data.
Στα τέλη Οκτωβρίου, η Βρετανική Library αποκάλυψε για πρώτη φορά ότι αντιμετώπιζε ένα απροσδιόριστο περιστατικό cyber securityς που προκάλεσε «μεγάλη διακοπή τεχνολογίας» στους ιστοτόπους της στο Λονδίνο και το Γιορκσάιρ, που κατέρριψε τον ιστότοπό της, τις τηλεφωνικές γραμμές και τις επιτόπιες υπηρεσίες της, όπως ο επισκέπτης Wi. -Fi και ηλεκτρονικές πληρωμές.
Two weeks on, and the British Library shutdown continues. However, the agency has now confirmed that the outage is the result of a ransomware attack launched "by a group known for such criminal activity." The British Library said some internal data has been leaked online, which "appears to come from our internal HR files".
This confirmation comes hours after the British Library was listed on the dark web for leaking the Rhysida ransomware gang. The listing, seen by TechCrunch, claimed responsibility for the cyberattack and is threatening to release data stolen from the British Library unless a ransom is paid. The gang demanded more than $740.000 worth of bitcoins at the time of writing.
The Rhysida ransomware gang has not said how much or what types of data it has stolen from the British Library, but samples of the data shared by the gang appear to include work documents and passport scans.
Rysida was last week subject of joint CISA and FBI advisory, which warned that the group is leveraging external-facing remote services such as VPNs to compromise organizations across the education, IT and government sectors. The advisory also warned that Rhysida, which was first spotted in May, shares overlap with the Vice Society ransomware gang, a hacking group known for ransomware extortion attacks on healthcare and education organizations.
"Specifically, according to the ransomware group's data leak site, Vice Society has not posted a victim since July 2023, around the time Rhysida began reporting victims on her site," wrote Sophos researchers Colin Cowie and Morgan Demboski. recent analysis of Rysidas.
It is not uncommon for ransomware gangs to dismantle, revise, or create new variants of malware, often as a way to evade government sanctions or evade capture by law enforcement.
In a statement on Monday shared on X (formerly Twitter), the British Library said it had "no evidence" that its patrons' data had been compromised, but advised users to change their passwords as a "precautionary measure", particularly if customers use the same passwords across multiple services.
It is not known whether the British Library has the technical means to determine whether customer data has been obtained.
The British Library has not yet said how it was breached, how much staff data was stolen or whether it has received communications or a ransom demand from the hackers. The British Library did not respond to TechCrunch's questions, although it is unclear whether the organization has access to services Email. The library website remains offline at the time of publication.
The British Library said in its latest statement that it could take weeks, or possibly longer, to recover from the ransomware attack. "We anticipate the restoration of many services in the coming weeks, but some disruption may persist for longer," the statement said.
"In the meantime, we have taken targeted protective measures to ensure the integrity of our systems and continue to investigate the attack with the support of Mitro's [National Cyber Security Centre]policyς Αστυνομίας και των ειδικών στον τομέα της κυβερνοασφάλειας.”